I have a feeling that the FLOSS movement in spirit was constructed in the previous centralised computing paradigm with timesharing systems, and in some sense is left there. I wonder what its corresponding movement of our time would be, now that the pendulum has swung back from the desktop computing paradigm and into dumb terminals over a document format?

@alcinnz I think so, but not just that. If they used copyright law and GPL, I think we need to do similar forays into other fields, but I'm still quite fuzzy on the details of what that means.

@albin Well, Stallman, Maciej Cegłowski, later @aral , etc have talked about the concept of a General Data Minimisation Regulation (Aral's term).

I do think we should be campaigning for that. I don't know what else.

@alcinnz Without having read anything about it, it sounds reasonable to me!

@albin I'll look up some articals for you, but the idea is that if you can do your core job without uploading a piece of data to some central servers you are forbidden from doing so. And you can't say "but we can offer more conveniences by collecting this data".

@albin From Stallman's artical:

"There are so many ways to use data to hurt people that the only safe database is the one that was never collected. Thus, instead of the EU’s approach of mainly regulating how personal data may be used (in its General Data Protection Regulation or GDPR), I propose a law to stop systems from collecting personal data."

@alcinnz @albin

Much has been said about the GDPR's bases for processing personal data, but it also includes regulations on how systems are designed and implemented in the form of Article 25

Follow

@alcinnz @albin

Which says:

"Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures.

@alcinnz @albin

(cont'd) such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects."

@jack @alcinnz I'm guessing your argument is that the devil is in how these laws are enforced?

@albin @alcinnz

Indeed! Enforcement is always key. I think we'll have to wait and see what happens when somebody challenges a supervisory authority in court to get public confirmation on how Art 25 is being enforced in the real world. That could take a while :(

@jack Yes, exciting indeed. Though I'd prefer to have a few plans B etc lying around in case it doesn't pan out.

Sign in to participate in the conversation
Mastodon

My home on the Fediverse.